OpenAM 16.1.1 patches 10+ CVEs as wodzen coordinated disclosure rolls out
OpenAM 16.1.1 shipped June 17 with fixes for 17 CVEs. Public advisories began June 22 and continued through June 29: pre-auth RADIUS spoof, MSISDN LDAP injection, OAuth2 takeover, Groovy sandbox RCE.